How do i modify the certificates produced by MS Certsrv

[Jon Wallwork]

Hi

I'm trying to use our Windows 2000 AD integrated Enterprise CA to issue
certificates that our users will use for authentication via Checkpoints
Securemote.
However acording to an extremely vague KB article on the Checkpoint KB you
have to modify the ASP code that produces certificates so that the full LDAP
DN is in the subject field of the cert.

Any hints on how you acheive this please?

Jon

 

[David Cross [MS]]

This cannot be achieved with a Windows 2000 enterprise CA, it can only be
achieved with a standalone CA in which you would have to modify the ASP
pages to inlcude a full DN in the certificate subhect in the request. The
recommended solution is to use a Windows Server 2003 enterprise CA which
supports the full DN in the certificate subject natively.

http://www.microsoft.com/windowsxp/pro/techinfo/planning/pkiwinxp/default.asp

Cert templates -
http://www.microsoft.com/technet/prodtechnol/windowsserver2003/deploy/confeat/ws03crtm.asp